VARIoT IoT vulnerabilities database

A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root. Siemens' sinumerik mc firmware and sinumerik one Firmware contains a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SINUMERIK MC is a CNC system for customized machine solutions. SINUMERIK ONE is a digitally native CNC system

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600T, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS401, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000H, RUGGEDCOM RS8000T, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900L, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS969, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSL910, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data. If a threat actor were to exploit this, the data integrity and security could be compromised. Siemens' RUGGEDCOM ROS contains an information disclosure vulnerability due to timing differences.Information may be obtained

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600T, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS401, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000H, RUGGEDCOM RS8000T, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900L, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS969, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSL910, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications. Siemens' RUGGEDCOM ROS contains a security check vulnerability.Information may be obtained

.NET and Visual Studio Denial of Service Vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: .NET 6.0 on RHEL 7 security and bugfix update Advisory ID: RHSA-2022:0832-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0832 Issue date: 2022-03-10 CVE Names: CVE-2022-24464 CVE-2022-24512 ===================================================================== 1. Summary: An update for .NET 6.0 is now available for .NET on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 6.0.103 and .NET Runtime 6.0.3. Security Fix(es): * dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464) * dotnet: double parser stack buffer overrun (CVE-2022-24512) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2061847 - CVE-2022-24464 dotnet: ASP.NET Denial of Service via FormPipeReader 2061854 - CVE-2022-24512 dotnet: double parser stack buffer overrun 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-24464 https://access.redhat.com/security/cve/CVE-2022-24512 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYipo+dzjgjWX9erEAQhWwA//Z+qgA25Pl9oc2SywwNY3Si0CPw7txaS5 99i3ldOuALPRwbMQ6mGjkpuuwY+ioLBeiBGUSGGXOACjcRMmGIH5dbsj1vTKJlO2 J3kCabYANlt0hHPQtdVL/+SkAG86bUlFiNxsQytd0Od/U782r1WT/JrvLocjuo9k xuqUXZTRR+0fYUoKmMaRRM/ipNHSKTwA5izPbO0a/6xsEB1ubE/vBJ2JDhqIeZ9P nQBn2GcufSMivwbCeEojjLFwmp9H/JQjqHmM0Fd3KLc6VvDMoLK4/Bssy5qQW+PM YkFPWXqjQYX8McWCwRK5ALR5MteyHVlhgjIaP4pStevuBRymysWW2x06atajsrQ3 i2g4AkSp5Kftr4Tr7UzczP4JKqnI+VssUeN4zbWFxoEslhjGCITTD00c9ZxN5bCn w8Awl0h6ezl50YhTTRj2oF2Rq5ff2CbOikZQLe6i3rR+kK8x138/Y876lh6cDzYD 2AJuf/StDjKMVYtR2h/evUymgAvr6tih3baH5egDLa8Bg9p6dm9zB9deYMN4OM7a oAHbqH43+gLirFFsmD97P86pil7YHJeDKPGt0WzhAAppMk10XCuNe7SipQvztwDU UQiOTQPTbiAhHt3/I8DpN7OuEPJP2EHjMWf8/dpouetIkiCIMFFPOX4CLQC35wI/ 5npIufme4D0= =V/tf -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, s390x, x86_64 3

.NET and Visual Studio Remote Code Execution Vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: .NET 6.0 on RHEL 7 security and bugfix update Advisory ID: RHSA-2022:0832-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0832 Issue date: 2022-03-10 CVE Names: CVE-2022-24464 CVE-2022-24512 ===================================================================== 1. Summary: An update for .NET 6.0 is now available for .NET on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 6.0.103 and .NET Runtime 6.0.3. Security Fix(es): * dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464) * dotnet: double parser stack buffer overrun (CVE-2022-24512) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2061847 - CVE-2022-24464 dotnet: ASP.NET Denial of Service via FormPipeReader 2061854 - CVE-2022-24512 dotnet: double parser stack buffer overrun 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-24464 https://access.redhat.com/security/cve/CVE-2022-24512 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYipo+dzjgjWX9erEAQhWwA//Z+qgA25Pl9oc2SywwNY3Si0CPw7txaS5 99i3ldOuALPRwbMQ6mGjkpuuwY+ioLBeiBGUSGGXOACjcRMmGIH5dbsj1vTKJlO2 J3kCabYANlt0hHPQtdVL/+SkAG86bUlFiNxsQytd0Od/U782r1WT/JrvLocjuo9k xuqUXZTRR+0fYUoKmMaRRM/ipNHSKTwA5izPbO0a/6xsEB1ubE/vBJ2JDhqIeZ9P nQBn2GcufSMivwbCeEojjLFwmp9H/JQjqHmM0Fd3KLc6VvDMoLK4/Bssy5qQW+PM YkFPWXqjQYX8McWCwRK5ALR5MteyHVlhgjIaP4pStevuBRymysWW2x06atajsrQ3 i2g4AkSp5Kftr4Tr7UzczP4JKqnI+VssUeN4zbWFxoEslhjGCITTD00c9ZxN5bCn w8Awl0h6ezl50YhTTRj2oF2Rq5ff2CbOikZQLe6i3rR+kK8x138/Y876lh6cDzYD 2AJuf/StDjKMVYtR2h/evUymgAvr6tih3baH5egDLa8Bg9p6dm9zB9deYMN4OM7a oAHbqH43+gLirFFsmD97P86pil7YHJeDKPGt0WzhAAppMk10XCuNe7SipQvztwDU UQiOTQPTbiAhHt3/I8DpN7OuEPJP2EHjMWf8/dpouetIkiCIMFFPOX4CLQC35wI/ 5npIufme4D0= =V/tf -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, s390x, x86_64 3

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation. Siemens' SINEC NMS Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash. Lenovo of thin installer Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state

AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user. AVEVA System Platform is an application software of British AVEVA company. A responsive, standards-driven and scalable foundation for regulatory, enterprise SCADA, MES and IIoT applications. A security vulnerability exists in the AVEVA System Platform, a successful exploitation of which could expose a network user account or the logged-in user's clear text credentials to an authorized low-privilege user. Clear-text credentials will also be exposed if a user creates a diagnostic memory dump of the relevant process and saves it to an unprotected location that an unauthorized malicious user can access

A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < V4.3.8), RUGGEDCOM M2200 (All versions < V4.3.8), RUGGEDCOM M969 (All versions < V4.3.8), RUGGEDCOM RMC30 (All versions < V4.3.8), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.8), RUGGEDCOM RMC8388 V5.X (All versions < V5.7.0), RUGGEDCOM RP110 (All versions < V4.3.8), RUGGEDCOM RS1600 (All versions < V4.3.8), RUGGEDCOM RS1600F (All versions < V4.3.8), RUGGEDCOM RS1600T (All versions < V4.3.8), RUGGEDCOM RS400 (All versions < V4.3.8), RUGGEDCOM RS401 (All versions < V4.3.8), RUGGEDCOM RS416 (All versions < V4.3.8), RUGGEDCOM RS416P (All versions < V4.3.8), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.8), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.7.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.8), RUGGEDCOM RS416v2 V5.X (All versions < V5.7.0), RUGGEDCOM RS8000 (All versions < V4.3.8), RUGGEDCOM RS8000A (All versions < V4.3.8), RUGGEDCOM RS8000H (All versions < V4.3.8), RUGGEDCOM RS8000T (All versions < V4.3.8), RUGGEDCOM RS900 (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900G (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900GP (All versions < V4.3.8), RUGGEDCOM RS900L (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-XX (All versions < V4.3.8), RUGGEDCOM RS900M-STND-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-STND-XX (All versions < V4.3.8), RUGGEDCOM RS900W (All versions < V4.3.8), RUGGEDCOM RS910 (All versions < V4.3.8), RUGGEDCOM RS910L (All versions < V4.3.8), RUGGEDCOM RS910W (All versions < V4.3.8), RUGGEDCOM RS920L (All versions < V4.3.8), RUGGEDCOM RS920W (All versions < V4.3.8), RUGGEDCOM RS930L (All versions < V4.3.8), RUGGEDCOM RS930W (All versions < V4.3.8), RUGGEDCOM RS940G (All versions < V4.3.8), RUGGEDCOM RS969 (All versions < V4.3.8), RUGGEDCOM RSG2100 (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2100P (All versions < V4.3.8), RUGGEDCOM RSG2100P (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2200 (All versions < V4.3.8), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2288 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300P V5.X (All versions < V5.7.0), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2488 V5.X (All versions < V5.7.0), RUGGEDCOM RSG907R (All versions < V5.7.0), RUGGEDCOM RSG908C (All versions < V5.7.0), RUGGEDCOM RSG909R (All versions < V5.7.0), RUGGEDCOM RSG910C (All versions < V5.7.0), RUGGEDCOM RSG920P V4.X (All versions < V4.3.8), RUGGEDCOM RSG920P V5.X (All versions < V5.7.0), RUGGEDCOM RSL910 (All versions < V5.7.0), RUGGEDCOM RST2228 (All versions < V5.7.0), RUGGEDCOM RST2228P (All versions < V5.7.0), RUGGEDCOM RST916C (All versions < V5.7.0), RUGGEDCOM RST916P (All versions < V5.7.0). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. Siemens' RUGGEDCOM ROS There is a security level vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM ROS-based devices are typically switches and serial-to-Ethernet devices used to connect equipment operating in harsh environments, such as power utility substations and traffic control cabinets. Siemens RUGGEDCOM Devices has an information disclosure vulnerability, and attackers can use the vulnerability to obtain access passwords

A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges. Siemens' polarion alm and Polarion Subversion Webclient Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Polarion WebClient for SVN is an SVN client

A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2022.1). The starview+.exe contains a memory corruption vulnerability while parsing specially crafted .SCE files. This could allow an attacker to execute code in the context of the current process. Siemens' simcenter star-ccm+ viewer Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Simcenter STAR-CCM+Viewer is a standalone scene and story viewer for Simcenter STAR-CCM

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The third-party component, in its TFTP functionality fails to check for null terminations in file names. If an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application. Siemens' RUGGEDCOM ROS Exists in an exceptional condition check vulnerability.Service operation interruption (DoS) It may be in a state

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. Within a third-party component, whenever memory allocation is requested, the out of bound size is not checked. Therefore, if size exceeding the expected allocation is assigned, it could allocate a smaller buffer instead. If an attacker were to exploit this, they could cause a heap overflow. Siemens' RUGGEDCOM ROS Exists in a heap-based buffer overflow vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The Group Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. Siemens' Climatix POL909 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. Improper neutralization of special characters on the web server configuration page could allow an attacker, in a privileged position, to retrieve sensitive information via cross-site scripting. Siemens' RUGGEDCOM ROS Exists in a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. Siemens' Climatix POL909 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. Within a third-party component, the process to allocate partition size fails to check memory boundaries. Therefore, if a large amount is requested by an attacker, due to an integer-wrap around, it could result in a small size being allocated instead. Siemens' RUGGEDCOM ROS Exists in an integer overflow vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state

Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. plural Intel(R) Processor Exists in unspecified vulnerabilities.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2022:1988-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1988 Issue date: 2022-05-10 CVE Names: CVE-2020-0404 CVE-2020-4788 CVE-2020-13974 CVE-2020-27820 CVE-2021-0941 CVE-2021-3612 CVE-2021-3669 CVE-2021-3743 CVE-2021-3744 CVE-2021-3752 CVE-2021-3759 CVE-2021-3764 CVE-2021-3772 CVE-2021-3773 CVE-2021-4002 CVE-2021-4037 CVE-2021-4083 CVE-2021-4157 CVE-2021-4197 CVE-2021-4203 CVE-2021-20322 CVE-2021-21781 CVE-2021-26401 CVE-2021-29154 CVE-2021-37159 CVE-2021-41864 CVE-2021-42739 CVE-2021-43056 CVE-2021-43389 CVE-2021-43976 CVE-2021-44733 CVE-2021-45485 CVE-2021-45486 CVE-2022-0001 CVE-2022-0002 CVE-2022-0286 CVE-2022-0322 CVE-2022-1011 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083) * kernel: avoid cyclic entity chains due to malformed USB descriptors (CVE-2020-0404) * kernel: speculation on incompletely validated data on IBM Power9 (CVE-2020-4788) * kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c (CVE-2020-13974) * kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free (CVE-2021-0941) * kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() (CVE-2021-3612) * kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669) * kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c (CVE-2021-3743) * kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744) * kernel: possible use-after-free in bluetooth module (CVE-2021-3752) * kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks (CVE-2021-3759) * kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764) * kernel: sctp: Invalid chunks may be used to remotely remove existing associations (CVE-2021-3772) * kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients (CVE-2021-3773) * kernel: possible leak or coruption of data residing on hugetlbfs (CVE-2021-4002) * kernel: security regression for CVE-2018-13405 (CVE-2021-4037) * kernel: Buffer overwrite in decode_nfs_fh function (CVE-2021-4157) * kernel: cgroup: Use open-time creds and namespace for migration perm checks (CVE-2021-4197) * kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203) * kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies (CVE-2021-20322) * kernel: arm: SIGPAGE information disclosure vulnerability (CVE-2021-21781) * hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401) * kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation (CVE-2021-29154) * kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c (CVE-2021-37159) * kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write (CVE-2021-41864) * kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739) * kernel: ppc: kvm: allows a malicious KVM guest to crash the host (CVE-2021-43056) * kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (CVE-2021-43389) * kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device (CVE-2021-43976) * kernel: use-after-free in the TEE subsystem (CVE-2021-44733) * kernel: information leak in the IPv6 implementation (CVE-2021-45485) * kernel: information leak in the IPv4 implementation (CVE-2021-45486) * hw: cpu: intel: Branch History Injection (BHI) (CVE-2022-0001) * hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002) * kernel: Local denial of service in bond_ipsec_add_sa (CVE-2022-0286) * kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c (CVE-2022-0322) * kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes (CVE-2022-1011) * kernel: use-after-free in nouveau kernel module (CVE-2020-27820) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1888433 - CVE-2020-4788 kernel: speculation on incompletely validated data on IBM Power9 1901726 - CVE-2020-27820 kernel: use-after-free in nouveau kernel module 1919791 - CVE-2020-0404 kernel: avoid cyclic entity chains due to malformed USB descriptors 1946684 - CVE-2021-29154 kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation 1951739 - CVE-2021-42739 kernel: Heap buffer overflow in firedtv driver 1957375 - [RFE] x86, tsc: Add kcmdline args for skipping tsc calibration sequences 1974079 - CVE-2021-3612 kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() 1981950 - CVE-2021-21781 kernel: arm: SIGPAGE information disclosure vulnerability 1983894 - Hostnetwork pod to service backed by hostnetwork on the same node is not working with OVN Kubernetes 1985353 - CVE-2021-37159 kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c 1986473 - CVE-2021-3669 kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts 1994390 - FIPS: deadlock between PID 1 and "modprobe crypto-jitterentropy_rng" at boot, preventing system to boot 1997338 - block: update to upstream v5.14 1997467 - CVE-2021-3764 kernel: DoS in ccp_run_aes_gcm_cmd() function 1997961 - CVE-2021-3743 kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c 1999544 - CVE-2021-3752 kernel: possible use-after-free in bluetooth module 1999675 - CVE-2021-3759 kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks 2000627 - CVE-2021-3744 kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() 2000694 - CVE-2021-3772 kernel: sctp: Invalid chunks may be used to remotely remove existing associations 2004949 - CVE-2021-3773 kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients 2009312 - Incorrect system time reported by the cpu guest statistics (PPC only). 2009521 - XFS: sync to upstream v5.11 2010463 - CVE-2021-41864 kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write 2011104 - statfs reports wrong free space for small quotas 2013180 - CVE-2021-43389 kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c 2014230 - CVE-2021-20322 kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies 2015525 - SCTP peel-off with SELinux and containers in OCP 2015755 - zram: zram leak with warning when running zram02.sh in ltp 2016169 - CVE-2020-13974 kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c 2017073 - CVE-2021-43056 kernel: ppc: kvm: allows a malicious KVM guest to crash the host 2017796 - ceph omnibus backport for RHEL-8.6.0 2018205 - CVE-2021-0941 kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free 2022814 - Rebase the input and HID stack in 8.6 to v5.15 2025003 - CVE-2021-43976 kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device 2025726 - CVE-2021-4002 kernel: possible leak or coruption of data residing on hugetlbfs 2027239 - CVE-2021-4037 kernel: security regression for CVE-2018-13405 2029923 - CVE-2021-4083 kernel: fget: check that the fd still exists after getting a ref to it 2030476 - Kernel 4.18.0-348.2.1 secpath_cache memory leak involving strongswan tunnel 2030747 - CVE-2021-44733 kernel: use-after-free in the TEE subsystem 2031200 - rename(2) fails on subfolder mounts when the share path has a trailing slash 2034342 - CVE-2021-4157 kernel: Buffer overwrite in decode_nfs_fh function 2035652 - CVE-2021-4197 kernel: cgroup: Use open-time creds and namespace for migration perm checks 2036934 - CVE-2021-4203 kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses 2037019 - CVE-2022-0286 kernel: Local denial of service in bond_ipsec_add_sa 2039911 - CVE-2021-45485 kernel: information leak in the IPv6 implementation 2039914 - CVE-2021-45486 kernel: information leak in the IPv4 implementation 2042798 - [RHEL8.6][sfc] General sfc driver update 2042822 - CVE-2022-0322 kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c 2043453 - [RHEL8.6 wireless] stack & drivers general update to v5.16+ 2046021 - kernel 4.18.0-358.el8 async dirops causes write errors with namespace restricted caps 2048251 - Selinux is not allowing SCTP connection setup between inter pod communication in enforcing mode 2061700 - CVE-2021-26401 hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 2061712 - CVE-2022-0001 hw: cpu: intel: Branch History Injection (BHI) 2061721 - CVE-2022-0002 hw: cpu: intel: Intra-Mode BTI 2064855 - CVE-2022-1011 kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes 6. Package List: Red Hat Enterprise Linux BaseOS (v. 8): Source: kernel-4.18.0-372.9.1.el8.src.rpm aarch64: bpftool-4.18.0-372.9.1.el8.aarch64.rpm bpftool-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm kernel-4.18.0-372.9.1.el8.aarch64.rpm kernel-core-4.18.0-372.9.1.el8.aarch64.rpm kernel-cross-headers-4.18.0-372.9.1.el8.aarch64.rpm kernel-debug-4.18.0-372.9.1.el8.aarch64.rpm kernel-debug-core-4.18.0-372.9.1.el8.aarch64.rpm kernel-debug-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm kernel-debug-devel-4.18.0-372.9.1.el8.aarch64.rpm kernel-debug-modules-4.18.0-372.9.1.el8.aarch64.rpm kernel-debug-modules-extra-4.18.0-372.9.1.el8.aarch64.rpm kernel-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-372.9.1.el8.aarch64.rpm kernel-devel-4.18.0-372.9.1.el8.aarch64.rpm kernel-headers-4.18.0-372.9.1.el8.aarch64.rpm kernel-modules-4.18.0-372.9.1.el8.aarch64.rpm kernel-modules-extra-4.18.0-372.9.1.el8.aarch64.rpm kernel-tools-4.18.0-372.9.1.el8.aarch64.rpm kernel-tools-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm kernel-tools-libs-4.18.0-372.9.1.el8.aarch64.rpm perf-4.18.0-372.9.1.el8.aarch64.rpm perf-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm python3-perf-4.18.0-372.9.1.el8.aarch64.rpm python3-perf-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm noarch: kernel-abi-stablelists-4.18.0-372.9.1.el8.noarch.rpm kernel-doc-4.18.0-372.9.1.el8.noarch.rpm ppc64le: bpftool-4.18.0-372.9.1.el8.ppc64le.rpm bpftool-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm kernel-4.18.0-372.9.1.el8.ppc64le.rpm kernel-core-4.18.0-372.9.1.el8.ppc64le.rpm kernel-cross-headers-4.18.0-372.9.1.el8.ppc64le.rpm kernel-debug-4.18.0-372.9.1.el8.ppc64le.rpm kernel-debug-core-4.18.0-372.9.1.el8.ppc64le.rpm kernel-debug-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm kernel-debug-devel-4.18.0-372.9.1.el8.ppc64le.rpm kernel-debug-modules-4.18.0-372.9.1.el8.ppc64le.rpm kernel-debug-modules-extra-4.18.0-372.9.1.el8.ppc64le.rpm kernel-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-372.9.1.el8.ppc64le.rpm kernel-devel-4.18.0-372.9.1.el8.ppc64le.rpm kernel-headers-4.18.0-372.9.1.el8.ppc64le.rpm kernel-modules-4.18.0-372.9.1.el8.ppc64le.rpm kernel-modules-extra-4.18.0-372.9.1.el8.ppc64le.rpm kernel-tools-4.18.0-372.9.1.el8.ppc64le.rpm kernel-tools-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm kernel-tools-libs-4.18.0-372.9.1.el8.ppc64le.rpm perf-4.18.0-372.9.1.el8.ppc64le.rpm perf-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm python3-perf-4.18.0-372.9.1.el8.ppc64le.rpm python3-perf-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm s390x: bpftool-4.18.0-372.9.1.el8.s390x.rpm bpftool-debuginfo-4.18.0-372.9.1.el8.s390x.rpm kernel-4.18.0-372.9.1.el8.s390x.rpm kernel-core-4.18.0-372.9.1.el8.s390x.rpm kernel-cross-headers-4.18.0-372.9.1.el8.s390x.rpm kernel-debug-4.18.0-372.9.1.el8.s390x.rpm kernel-debug-core-4.18.0-372.9.1.el8.s390x.rpm kernel-debug-debuginfo-4.18.0-372.9.1.el8.s390x.rpm kernel-debug-devel-4.18.0-372.9.1.el8.s390x.rpm kernel-debug-modules-4.18.0-372.9.1.el8.s390x.rpm kernel-debug-modules-extra-4.18.0-372.9.1.el8.s390x.rpm kernel-debuginfo-4.18.0-372.9.1.el8.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-372.9.1.el8.s390x.rpm kernel-devel-4.18.0-372.9.1.el8.s390x.rpm kernel-headers-4.18.0-372.9.1.el8.s390x.rpm kernel-modules-4.18.0-372.9.1.el8.s390x.rpm kernel-modules-extra-4.18.0-372.9.1.el8.s390x.rpm kernel-tools-4.18.0-372.9.1.el8.s390x.rpm kernel-tools-debuginfo-4.18.0-372.9.1.el8.s390x.rpm kernel-zfcpdump-4.18.0-372.9.1.el8.s390x.rpm kernel-zfcpdump-core-4.18.0-372.9.1.el8.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-372.9.1.el8.s390x.rpm kernel-zfcpdump-devel-4.18.0-372.9.1.el8.s390x.rpm kernel-zfcpdump-modules-4.18.0-372.9.1.el8.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-372.9.1.el8.s390x.rpm perf-4.18.0-372.9.1.el8.s390x.rpm perf-debuginfo-4.18.0-372.9.1.el8.s390x.rpm python3-perf-4.18.0-372.9.1.el8.s390x.rpm python3-perf-debuginfo-4.18.0-372.9.1.el8.s390x.rpm x86_64: bpftool-4.18.0-372.9.1.el8.x86_64.rpm bpftool-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm kernel-4.18.0-372.9.1.el8.x86_64.rpm kernel-core-4.18.0-372.9.1.el8.x86_64.rpm kernel-cross-headers-4.18.0-372.9.1.el8.x86_64.rpm kernel-debug-4.18.0-372.9.1.el8.x86_64.rpm kernel-debug-core-4.18.0-372.9.1.el8.x86_64.rpm kernel-debug-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm kernel-debug-devel-4.18.0-372.9.1.el8.x86_64.rpm kernel-debug-modules-4.18.0-372.9.1.el8.x86_64.rpm kernel-debug-modules-extra-4.18.0-372.9.1.el8.x86_64.rpm kernel-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-372.9.1.el8.x86_64.rpm kernel-devel-4.18.0-372.9.1.el8.x86_64.rpm kernel-headers-4.18.0-372.9.1.el8.x86_64.rpm kernel-modules-4.18.0-372.9.1.el8.x86_64.rpm kernel-modules-extra-4.18.0-372.9.1.el8.x86_64.rpm kernel-tools-4.18.0-372.9.1.el8.x86_64.rpm kernel-tools-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm kernel-tools-libs-4.18.0-372.9.1.el8.x86_64.rpm perf-4.18.0-372.9.1.el8.x86_64.rpm perf-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm python3-perf-4.18.0-372.9.1.el8.x86_64.rpm python3-perf-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: bpftool-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm kernel-debug-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm kernel-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-372.9.1.el8.aarch64.rpm kernel-tools-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm kernel-tools-libs-devel-4.18.0-372.9.1.el8.aarch64.rpm perf-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm python3-perf-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm kernel-debug-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm kernel-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-372.9.1.el8.ppc64le.rpm kernel-tools-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm kernel-tools-libs-devel-4.18.0-372.9.1.el8.ppc64le.rpm perf-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm python3-perf-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm kernel-debug-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm kernel-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-372.9.1.el8.x86_64.rpm kernel-tools-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm kernel-tools-libs-devel-4.18.0-372.9.1.el8.x86_64.rpm perf-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm python3-perf-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-0404 https://access.redhat.com/security/cve/CVE-2020-4788 https://access.redhat.com/security/cve/CVE-2020-13974 https://access.redhat.com/security/cve/CVE-2020-27820 https://access.redhat.com/security/cve/CVE-2021-0941 https://access.redhat.com/security/cve/CVE-2021-3612 https://access.redhat.com/security/cve/CVE-2021-3669 https://access.redhat.com/security/cve/CVE-2021-3743 https://access.redhat.com/security/cve/CVE-2021-3744 https://access.redhat.com/security/cve/CVE-2021-3752 https://access.redhat.com/security/cve/CVE-2021-3759 https://access.redhat.com/security/cve/CVE-2021-3764 https://access.redhat.com/security/cve/CVE-2021-3772 https://access.redhat.com/security/cve/CVE-2021-3773 https://access.redhat.com/security/cve/CVE-2021-4002 https://access.redhat.com/security/cve/CVE-2021-4037 https://access.redhat.com/security/cve/CVE-2021-4083 https://access.redhat.com/security/cve/CVE-2021-4157 https://access.redhat.com/security/cve/CVE-2021-4197 https://access.redhat.com/security/cve/CVE-2021-4203 https://access.redhat.com/security/cve/CVE-2021-20322 https://access.redhat.com/security/cve/CVE-2021-21781 https://access.redhat.com/security/cve/CVE-2021-26401 https://access.redhat.com/security/cve/CVE-2021-29154 https://access.redhat.com/security/cve/CVE-2021-37159 https://access.redhat.com/security/cve/CVE-2021-41864 https://access.redhat.com/security/cve/CVE-2021-42739 https://access.redhat.com/security/cve/CVE-2021-43056 https://access.redhat.com/security/cve/CVE-2021-43389 https://access.redhat.com/security/cve/CVE-2021-43976 https://access.redhat.com/security/cve/CVE-2021-44733 https://access.redhat.com/security/cve/CVE-2021-45485 https://access.redhat.com/security/cve/CVE-2021-45486 https://access.redhat.com/security/cve/CVE-2022-0001 https://access.redhat.com/security/cve/CVE-2022-0002 https://access.redhat.com/security/cve/CVE-2022-0286 https://access.redhat.com/security/cve/CVE-2022-0322 https://access.redhat.com/security/cve/CVE-2022-1011 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnqSF9zjgjWX9erEAQjBXQ/8DSpFUMNN6ZVFtli2KuVowVLS+14J0jtj 0zxpr0skJT8vVulU3VTeURBMdg9NAo9bj3R5KTk2+dC+AMuHET5aoVvaYmimBGKL 5qzpu7q9Z0aaD2I288suHCnYuRJnt+qKZtNa4hlcY92bN0tcYBonxsdIS2xM6xIu GHNS8HNVUNz4PuCBfmbITvgX9Qx+iZQVlVccDBG5LDpVwgOtnrxHKbe5E499v/9M oVoN+eV9ulHAZdCHWlUAahbsvEqDraCKNT0nHq/xO5dprPjAcjeKYMeaICtblRr8 k+IouGywaN+mW4sBjnaaiuw2eAtoXq/wHisX1iUdNkroqcx9NBshWMDBJnE4sxQJ ZOSc8B6yjJItPvUI7eD3BDgoka/mdoyXTrg+9VRrir6vfDHPrFySLDrO1O5HM5fO 3sExCVO2VM7QMCGHJ1zXXX4szk4SV/PRsjEesvHOyR2xTKZZWMsXe1h9gYslbADd tW0yco/G23xjxqOtMKuM/nShBChflMy9apssldiOfdqODJMv5d4rRpt0xgmtSOM6 qReveuQCasmNrGlAHgDwbtWz01fmSuk9eYDhZNmHA3gxhoHIV/y+wr0CLbOQtDxT p79nhiqwUo5VMj/X30Lu0Wl3ptLuhRWamzTCkEEzdubr8aVsT4RRNQU3KfVFfpT1 MWp/2ui3i80= =Fdgy -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. CVE-2020-36310 A flaw was discovered in the KVM implementation for AMD processors, which could lead to an infinite loop. A malicious VM guest could exploit this to cause a denial of service. CVE-2022-0001 (INTEL-SA-00598) Researchers at VUSec discovered that the Branch History Buffer in Intel processors can be exploited to create information side- channels with speculative execution. This issue is similar to Spectre variant 2, but requires additional mitigations on some processors. This can be exploited to obtain sensitive information from a different security context, such as from user-space to the kernel, or from a KVM guest to the kernel. CVE-2022-0002 (INTEL-SA-00598) This is a similar issue to CVE-2022-0001, but covers exploitation within a security context, such as from JIT-compiled code in a sandbox to hosting code in the same process. This is partly mitigated by disabling eBPF for unprivileged users with the sysctl: kernel.unprivileged_bpf_disabled=2. This is already the default in Debian 11 "bullseye". CVE-2022-0487 A use-after-free was discovered in the MOXART SD/MMC Host Controller support driver. This flaw does not impact the Debian binary packages as CONFIG_MMC_MOXART is not set. CVE-2022-0492 Yiqi Sun and Kevin Wang reported that the cgroup-v1 subsystem does not properly restrict access to the release-agent feature. A local user can take advantage of this flaw for privilege escalation and bypass of namespace isolation. CVE-2022-0617 butt3rflyh4ck discovered a NULL pointer dereference in the UDF filesystem. A local user that can mount a specially crafted UDF image can use this flaw to crash the system. CVE-2022-25636 Nick Gregory reported a heap out-of-bounds write flaw in the netfilter subsystem. A user with the CAP_NET_ADMIN capability could use this for denial of service or possibly for privilege escalation. For the stable distribution (bullseye), these problems have been fixed in version 5.10.103-1. This update additionally includes many more bug fixes from stable updates 5.10.93-5.10.103 inclusive. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIotmRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Qajw//WLCg/HhmykP7eobsnnn7A0U0ONBbZi+Un6Ltueaambvlhme54l5eR4uh f8fLSehpKhEN4bzfWRnDe0vKbws557zsNnd+a000ylfkO6BqEoNL8VwMp0yOVvUt +nB39/ySIM1inH375JAWZ5M2+H8YJVBPrlm0kGxUtBwObC279atwGUINov4xrI5C RzcNa/FQ7tjUMaeBgdGAAJPImnP+zT6shhCUTlR5QLhvB9gyvthtb/OtvhbMcWlM 5gd7papoMFgWBspN21+NPmbadSEXDIpeyPanpfKu9S8Zmht69rTS+pEim6Hm682q 64m/Fb4NgCBgVUH9o8+QJUvJkHv8Z/lNDyfjSn90Eu7kcALDBqh/n+Y0q+SEwKhZ b6UPzuH+hObZk+7GDUY32t9JwlNu0qUk55nCufLVM01bVYkN5ukaXAWCyuCU83ky yY/nHRNHVISFuy6mdfiFRR7lvMcgBD0IPoU9T+cpZPl+WkwzEwyHx16RN/EDVlo6 NomcMiX07XRSwSG7h7wgFs+YxCv9TjvBoAqKS9Q7GwBX6lunItWMwz44+DxcW9SM lJPHFMju9hmqMBHI+UTUX8FMY9aq8Qyk+WFthl7eDZjOJ+lKtkEpTR3b50FXzbdc lTYZEMcNtr7AlThbIxH564DntN8YV3DCV4+Ba/DozvxSJ6kSmrA= =DHkG -----END PGP SIGNATURE----- . Description: Red Hat Advanced Cluster Management for Kubernetes 2.5.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/ Security fixes: * nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918) * containerd: Unprivileged pod may bind mount any privileged regular file on disk (CVE-2021-43816) * minio: user privilege escalation in AddUser() admin API (CVE-2021-43858) * openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778) * imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778) * golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * nconf: Prototype pollution in memory store (CVE-2022-21803) * golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806) * nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450) * Moment.js: Path traversal in moment.locale (CVE-2022-24785) * golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191) * go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810) * opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190) Bug fixes: * RFE Copy secret with specific secret namespace, name for source and name, namespace and cluster label for target (BZ# 2014557) * RHACM 2.5.0 images (BZ# 2024938) * [UI] When you delete host agent from infraenv no confirmation message appear (Are you sure you want to delete x?) (BZ#2028348) * Clusters are in 'Degraded' status with upgrade env due to obs-controller not working properly (BZ# 2028647) * create cluster pool -> choose infra type, As a result infra providers disappear from UI. (BZ# 2033339) * Restore/backup shows up as Validation failed but the restore backup status in ACM shows success (BZ# 2034279) * Observability - OCP 311 node role are not displayed completely (BZ# 2038650) * Documented uninstall procedure leaves many leftovers (BZ# 2041921) * infrastructure-operator pod crashes due to insufficient privileges in ACM 2.5 (BZ# 2046554) * Acm failed to install due to some missing CRDs in operator (BZ# 2047463) * Navigation icons no longer showing in ACM 2.5 (BZ# 2051298) * ACM home page now includes /home/ in url (BZ# 2051299) * proxy heading in Add Credential should be capitalized (BZ# 2051349) * ACM 2.5 tries to create new MCE instance when install on top of existing MCE 2.0 (BZ# 2051983) * Create Policy button does not work and user cannot use console to create policy (BZ# 2053264) * No cluster information was displayed after a policyset was created (BZ# 2053366) * Dynamic plugin update does not take effect in Firefox (BZ# 2053516) * Replicated policy should not be available when creating a Policy Set (BZ# 2054431) * Placement section in Policy Set wizard does not reset when users click "Back" to re-configured placement (BZ# 2054433) 3. Bugs fixed (https://bugzilla.redhat.com/): 2014557 - RFE Copy secret with specific secret namespace, name for source and name, namespace and cluster label for target 2024702 - CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2028224 - RHACM 2.5.0 images 2028348 - [UI] When you delete host agent from infraenv no confirmation message appear (Are you sure you want to delete x?) 2028647 - Clusters are in 'Degraded' status with upgrade env due to obs-controller not working properly 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2033339 - create cluster pool -> choose infra type , As a result infra providers disappear from UI. 2034279 - Restore/backup shows up as Validation failed but the restore backup status in ACM shows success 2036252 - CVE-2021-43858 minio: user privilege escalation in AddUser() admin API 2038650 - Observability - OCP 311 node role are not displayed completely 2041921 - Documented uninstall procedure leaves many leftovers 2044434 - CVE-2021-43816 containerd: Unprivileged pod may bind mount any privileged regular file on disk 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2046554 - infrastructure-operator pod crashes due to insufficient privileges in ACM 2.5 2047463 - Acm failed to install due to some missing CRDs in operator 2051298 - Navigation icons no longer showing in ACM 2.5 2051299 - ACM home page now includes /home/ in url 2051349 - proxy heading in Add Credential should be capitalized 2051983 - ACM 2.5 tries to create new MCE instance when install on top of existing MCE 2.0 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2053264 - Create Policy button does not work and user cannot use console to create policy 2053366 - No cluster information was displayed after a policyset was created 2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements 2053516 - Dynamic plugin update does not take effect in Firefox 2054431 - Replicated policy should not be available when creating a Policy Set 2054433 - Placement section in Policy Set wizard does not reset when users click "Back" to re-configured placement 2054772 - credentialName is not parsed correctly in UI notifications/alerts when creating/updating a discovery config 2054860 - Cluster overview page crashes for on-prem cluster 2055333 - Unable to delete assisted-service operator 2055900 - If MCH is installed on existing MCE and both are in multicluster-engine namespace , uninstalling MCH terminates multicluster-engine namespace 2056485 - [UI] In infraenv detail the host list don't have pagination 2056701 - Non platform install fails agentclusterinstall CRD is outdated in rhacm2.5 2057060 - [CAPI] Unable to create ClusterDeployment due to service account restrictions (ACM + Bundled Assisted) 2058435 - Label cluster.open-cluster-management.io/backup-cluster stamped 'unknown' for velero backups 2059779 - spec.nodeSelector is missing in MCE instance created by MCH upon installing ACM on infra nodes 2059781 - Policy UI crashes when viewing details of configuration policies for backupschedule that does not exist 2060135 - [assisted-install] agentServiceConfig left orphaned after uninstalling ACM 2060151 - Policy set of the same name cannot be re-created after the previous one has been deleted 2060230 - [UI] Delete host modal has incorrect host's name populated 2060309 - multiclusterhub stuck in installing on "ManagedClusterConditionAvailable" [intermittent] 2060469 - The development branch of the Submariner addon deploys 0.11.0, not 0.12.0 2060550 - MCE installation hang due to no console-mce-console deployment available 2060603 - prometheus doesn't display managed clusters 2060831 - Observability - prometheus-operator failed to start on *KS 2060934 - Cannot provision AWS OCP 4.9 cluster from Power Hub 2061260 - The value of the policyset placement should be filtered space when input cluster label expression 2061311 - Cleanup of installed spoke clusters hang on deletion of spoke namespace 2061659 - the network section in create cluster -> Networking include the brace in the network title 2061798 - [ACM 2.5] The service of Cluster Proxy addon was missing 2061838 - ACM component subscriptions are removed when enabling spec.disableHubSelfManagement in MCH 2062009 - No name validation is performed on Policy and Policy Set Wizards 2062022 - cluster.open-cluster-management.io/backup-cluster of velero schedules should populate the corresponding hub clusterID 2062025 - No validation is done on yaml's format or content in Policy and Policy Set wizards 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 2062337 - velero schedules get re-created after the backupschedule is in 'BackupCollision' phase 2062462 - Upgrade to 2.5 hang due to irreconcilable errors of grc-sub and search-prod-sub in MCH 2062556 - Always return the policyset page after created the policy from UI 2062787 - Submariner Add-on UI does not indicate on Broker error 2063055 - User with cluserrolebinding of open-cluster-management:cluster-manager-admin role can't see policies and clusters page 2063341 - Release imagesets are missing in the console for ocp 4.10 2063345 - Application Lifecycle- UI shows white blank page when the page is Refreshed 2063596 - claim clusters from clusterpool throws errors 2063599 - Update the message in clusterset -> clusterpool page since we did not allow to add clusterpool to clusterset by resourceassignment 2063697 - Observability - MCOCR reports object-storage secret without AWS access_key in STS enabled env 2064231 - Can not clean the instance type for worker pool when create the clusters 2064247 - prefer UI can add the architecture type when create the cluster 2064392 - multicloud oauth-proxy failed to log users in on web 2064477 - Click at "Edit Policy" for each policy leads to a blank page 2064509 - No option to view the ansible job details and its history in the Automation wizard after creation of the automation job 2064516 - Unable to delete an automation job of a policy 2064528 - Columns of Policy Set, Status and Source on Policy page are not sortable 2064535 - Different messages on the empty pages of Overview and Clusters when policy is disabled 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2064722 - [Tracker] [DR][ACM 2.5] Applications are not getting deployed on managed cluster 2064899 - Failed to provision openshift 4.10 on bare metal 2065436 - "Filter" drop-down list does not show entries of the policies that have no top-level remediation specified 2066198 - Issues about disabled policy from UI 2066207 - The new created policy should be always shown up on the first line 2066333 - The message was confuse when the cluster status is Running 2066383 - MCE install failing on proxy disconnected environment 2066433 - Logout not working for ACM 2.5 2066464 - console-mce-console pods throw ImagePullError after upgrading to ocp 4.10 2066475 - User with view-only rolebinding should not be allowed to create policy, policy set and automation job 2066544 - The search box can't work properly in Policies page 2066594 - RFE: Can't open the helm source link of the backup-restore-enabled policy from UI 2066650 - minor issues in cluster curator due to the startup throws errors 2066751 - the image repo of application-manager did not updated to use the image repo in MCE/MCH configuration 2066834 - Hibernating cluster(s) in cluster pool stuck in 'Stopping' status after restore activation 2066842 - cluster pool credentials are not backed up 2066914 - Unable to remove cluster value during configuration of the label expressions for policy and policy set 2066940 - Validation fired out for https proxy when the link provided not starting with https 2066965 - No message is displayed in Policy Wizard to indicate a policy externally managed 2066979 - MIssing groups in policy filter options comparing to previous RHACM version 2067053 - I was not able to remove the image mirror content when create the cluster 2067067 - Can't filter the cluster info when clicked the cluster in the Placement section 2067207 - Bare metal asset secrets are not backed up 2067465 - Categories,Standards, and Controls annotations are not updated after user has deleted a selected template 2067713 - Columns on policy's "Results" are not sort-able as in previous release 2067728 - Can't search in the policy creation or policyset creation Yaml editor 2068304 - Application Lifecycle- Replicasets arent showing the logs console in Topology 2068309 - For policy wizard in dynamics plugin environment, buttons at the bottom should be sticky and the contents of the Policy should scroll 2068312 - Application Lifecycle - Argo Apps are not showing overview details and topology after upgrading from 2.4 2068313 - Application Lifecycle - Refreshing overview page leads to a blank page 2068328 - A cluster's "View history" page should not contain all clusters' violations history 2068387 - Observability - observability operator always CrashLoopBackOff in FIPS upgrading hub 2068993 - Observability - Node list is not filtered according to nodeType on OCP 311 dashboard 2069329 - config-policy-controller addon with "Unknown" status in OCP 3.11 managed cluster after upgrade hub to 2.5 2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path 2069469 - Status of unreachable clusters is not reported in several places on GRC panels 2069615 - The YAML editor can't work well when login UI using dynamic console plugin 2069622 - No validation for policy template's name 2069698 - After claim a cluster from clusterpool, the cluster pages become very very slow 2069867 - Error occurs when trying to edit an application set/subscription 2069870 - ACM/MCE Dynamic Plugins - 404: Page Not Found Error Occurs - intermittent crashing 2069875 - Cluster secrets are not being created in the managed cluster's namespace 2069895 - Application Lifecycle - Replicaset and Pods gives error messages when Yaml is selected on sidebar 2070203 - Blank Application is shown when editing an Application with AnsibleJobs 2070782 - Failed Secret Propagation to the Same Namespace as the AnsibleJob CR 2070846 - [ACM 2.5] Can't re-add the default clusterset label after removing it from a managedcluster on BM SNO hub 2071066 - Policy set details panel does not work when deployed into namespace different than "default" 2071173 - Configured RunOnce automation job is not displayed although the policy has no violation 2071191 - MIssing title on details panel after clicking "view details" of a policy set card 2071769 - Placement must be always configured or error is reported when creating a policy 2071818 - ACM logo not displayed in About info modal 2071869 - Topology includes the status of local cluster resources when Application is only deployed to managed cluster 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale 2072097 - Local Cluster is shown as Remote on the Application Overview Page and Single App Overview Page 2072104 - Inconsistent "Not Deployed" Icon Used Between 2.4 and 2.5 as well as the Overview and Topology 2072177 - Cluster Resource Status is showing App Definition Statuses as well 2072227 - Sidebar Statuses Need to Be Updated to Reflect Cluster List and Cluster Resource Statuses 2072231 - Local Cluster not included in the appsubreport for Helm Applications Deployed on All Clusters 2072334 - Redirect URL is now to the details page after created a policy 2072342 - Shows "NaN%" in the ring chart when add the disabled policy into policyset and view its details 2072350 - CRD Deployed via Application Console does not have correct deployment status and spelling 2072359 - Report the error when editing compliance type in the YAML editor and then submit the changes 2072504 - The policy has violations on the failed managed cluster 2072551 - URL dropdown is not being rendered with an Argo App with a new URL 2072773 - When a channel is deleted and recreated through the App Wizard, application creation stalls and warning pops up 2072824 - The edit/delete policyset button should be greyed when using viewer check 2072829 - When Argo App with jsonnet object is deployed, topology and cluster status would fail to display the correct statuses. 2073179 - Policy controller was unable to retrieve violation status in for an OCP 3.11 managed cluster on ARM hub 2073330 - Observabilityy - memory usage data are not collected even collect rule is fired on SNO 2073355 - Get blank page when click policy with unknown status in Governance -> Overview page 2073508 - Thread responsible to get insights data from *ks clusters is broken 2073557 - appsubstatus is not deleted for Helm applications when changing between 2 managed clusters 2073726 - Placement of First Subscription gets overlapped by the Cluster Node in Application Topology 2073739 - Console/App LC - Error message saying resource conflict only shows up in standalone ACM but not in Dynamic plugin 2073740 - Console/App LC- Apps are deployed even though deployment do not proceed because of "resource conflict" error 2074178 - Editing Helm Argo Applications does not Prune Old Resources 2074626 - Policy placement failure during ZTP SNO scale test 2074689 - CVE-2022-21803 nconf: Prototype pollution in memory store 2074803 - The import cluster YAML editor shows the klusterletaddonconfig was required on MCE portal 2074937 - UI allows creating cluster even when there are no ClusterImageSets 2075416 - infraEnv failed to create image after restore 2075440 - The policyreport CR is created for spoke clusters until restarted the insights-client pod 2075739 - The lookup function won't check the referred resource whether exist when using template policies 2076421 - Can't select existing placement for policy or policyset when editing policy or policyset 2076494 - No policyreport CR for spoke clusters generated in the disconnected env 2076502 - The policyset card doesn't show the cluster status(violation/without violation) again after deleted one policy 2077144 - GRC Ansible automation wizard does not display error of missing dependent Ansible Automation Platform operator 2077149 - App UI shows no clusters cluster column of App Table when Discovery Applications is deployed to a managed cluster 2077291 - Prometheus doesn't display acm_managed_cluster_info after upgrade from 2.4 to 2.5 2077304 - Create Cluster button is disabled only if other clusters exist 2077526 - ACM UI is very very slow after upgrade from 2.4 to 2.5 2077562 - Console/App LC- Helm and Object bucket applications are not showing as deployed in the UI 2077751 - Can't create a template policy from UI when the object's name is referring Golang text template syntax in this policy 2077783 - Still show violation for clusterserviceversions after enforced "Detect Image vulnerabilities " policy template and the operator is installed 2077951 - Misleading message indicated that a placement of a policy became one managed only by policy set 2078164 - Failed to edit a policy without placement 2078167 - Placement binding and rule names are not created in yaml when editing a policy previously created with no placement 2078373 - Disable the hyperlink of *ks node in standalone MCE environment since the search component was not exists 2078617 - Azure public credential details get pre-populated with base domain name in UI 2078952 - View pod logs in search details returns error 2078973 - Crashed pod is marked with success in Topology 2079013 - Changing existing placement rules does not change YAML file 2079015 - Uninstall pod crashed when destroying Azure Gov cluster in ACM 2079421 - Hyphen(s) is deleted unexpectedly in UI when yaml is turned on 2079494 - Hitting Enter in yaml editor caused unexpected keys "key00x:" to be created 2079533 - Clusters with no default clusterset do not get assigned default cluster when upgrading from ACM 2.4 to 2.5 2079585 - When an Ansible Secret is propagated to an Ansible Application namespace, the propagated secret is shown in the Credentials page 2079611 - Edit appset placement in UI with a different existing placement causes the current associated placement being deleted 2079615 - Edit appset placement in UI with a new placement throws error upon submitting 2079658 - Cluster Count is Incorrect in Application UI 2079909 - Wrong message is displayed when GRC fails to connect to an ansible tower 2080172 - Still create policy automation successfully when the PolicyAutomation name exceed 63 characters 2080215 - Get a blank page after go to policies page in upgraded env when using an user with namespace-role-binding of default view role 2080279 - CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses 2080503 - vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes 2080567 - Number of cluster in violation in the table does not match other cluster numbers on the policy set details page 2080712 - Select an existing placement configuration does not work 2080776 - Unrecognized characters are displayed on policy and policy set yaml editors 2081792 - When deploying an application to a clusterpool claimed cluster after upgrade, the application does not get deployed to the cluster 2081810 - Type '-' character in Name field caused previously typed character backspaced in in the name field of policy wizard 2081829 - Application deployed on local cluster's topology is crashing after upgrade 2081938 - The deleted policy still be shown on the policyset review page when edit this policy set 2082226 - Object Storage Topology includes residue of resources after Upgrade 2082409 - Policy set details panel remains even after the policy set has been deleted 2082449 - The hypershift-addon-agent deployment did not have imagePullSecrets 2083038 - Warning still refers to the `klusterlet-addon-appmgr` pod rather than the `application-manager` pod 2083160 - When editing a helm app with failing resources to another, the appsubstatus and the managedclusterview do not get updated 2083434 - The provider-credential-controller did not support the RHV credentials type 2083854 - When deploying an application with ansiblejobs multiple times with different namespaces, the topology shows all the ansiblejobs rather than just the one within the namespace 2083870 - When editing an existing application and refreshing the `Select an existing placement configuration`, multiple occurrences of the placementrule gets displayed 2084034 - The status message looks messy in the policy set card, suggest one kind status one a row 2084158 - Support provisioning bm cluster where no provisioning network provided 2084622 - Local Helm application shows cluster resources as `Not Deployed` in Topology [Upgrade] 2085083 - Policies fail to copy to cluster namespace after ACM upgrade 2085237 - Resources referenced by a channel are not annotated with backup label 2085273 - Error querying for ansible job in app topology 2085281 - Template name error is reported but the template name was found in a different replicated policy 2086389 - The policy violations for hibernated cluster still be displayed on the policy set details page 2087515 - Validation thrown out in configuration for disconnect install while creating bm credential 2088158 - Object Storage Application deployed to all clusters is showing unemployed in topology [Upgrade] 2088511 - Some cluster resources are not showing labels that are defined in the YAML 5. It should be noted that other mechanisms for exploiting the underlying issues may be discovered. Also, this may cause issues for applications that rely on the unprivileged eBPF functionality. Please see the knowledge base article at https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BHI for more details. ========================================================================== Ubuntu Security Notice USN-5317-1 March 09, 2022 linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oem-5.14, linux-oracle, linux-oracle-5.13, linux-raspi vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. (CVE-2022-25636) Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by ARM to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information. (CVE-2022-23960) Max Kellermann discovered that the Linux kernel incorrectly handled Unix pipes. A local attacker could potentially use this to modify any file that could be opened for reading. (CVE-2022-0847) Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by Intel to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information. (CVE-2022-0001, CVE-2022-0002) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: linux-image-5.13.0-1016-kvm 5.13.0-1016.17 linux-image-5.13.0-1017-aws 5.13.0-1017.19 linux-image-5.13.0-1017-azure 5.13.0-1017.19 linux-image-5.13.0-1019-gcp 5.13.0-1019.23 linux-image-5.13.0-1020-raspi 5.13.0-1020.22 linux-image-5.13.0-1020-raspi-nolpae 5.13.0-1020.22 linux-image-5.13.0-1021-oracle 5.13.0-1021.26 linux-image-5.13.0-35-generic 5.13.0-35.40 linux-image-5.13.0-35-generic-64k 5.13.0-35.40 linux-image-5.13.0-35-generic-lpae 5.13.0-35.40 linux-image-5.13.0-35-lowlatency 5.13.0-35.40 linux-image-aws 5.13.0.1017.18 linux-image-azure 5.13.0.1017.17 linux-image-gcp 5.13.0.1019.17 linux-image-generic 5.13.0.35.44 linux-image-generic-64k 5.13.0.35.44 linux-image-generic-lpae 5.13.0.35.44 linux-image-gke 5.13.0.1019.17 linux-image-kvm 5.13.0.1016.16 linux-image-lowlatency 5.13.0.35.44 linux-image-oem-20.04 5.13.0.35.44 linux-image-oracle 5.13.0.1021.21 linux-image-raspi 5.13.0.1020.25 linux-image-raspi-nolpae 5.13.0.1020.25 linux-image-virtual 5.13.0.35.44 Ubuntu 20.04 LTS: linux-image-5.13.0-1017-aws 5.13.0-1017.19~20.04.1 linux-image-5.13.0-1017-azure 5.13.0-1017.19~20.04.1 linux-image-5.13.0-1019-gcp 5.13.0-1019.23~20.04.1 linux-image-5.13.0-1021-oracle 5.13.0-1021.26~20.04.1 linux-image-5.13.0-35-generic 5.13.0-35.40~20.04.1 linux-image-5.13.0-35-generic-64k 5.13.0-35.40~20.04.1 linux-image-5.13.0-35-generic-lpae 5.13.0-35.40~20.04.1 linux-image-5.13.0-35-lowlatency 5.13.0-35.40~20.04.1 linux-image-5.14.0-1027-oem 5.14.0-1027.30 linux-image-aws 5.13.0.1017.19~20.04.10 linux-image-azure 5.13.0.1017.19~20.04.7 linux-image-gcp 5.13.0.1019.23~20.04.1 linux-image-generic-64k-hwe-20.04 5.13.0.35.40~20.04.20 linux-image-generic-hwe-20.04 5.13.0.35.40~20.04.20 linux-image-generic-lpae-hwe-20.04 5.13.0.35.40~20.04.20 linux-image-lowlatency-hwe-20.04 5.13.0.35.40~20.04.20 linux-image-oem-20.04 5.14.0.1027.24 linux-image-oem-20.04b 5.14.0.1027.24 linux-image-oem-20.04c 5.14.0.1027.24 linux-image-oem-20.04d 5.14.0.1027.24 linux-image-oracle 5.13.0.1021.26~20.04.1 linux-image-virtual-hwe-20.04 5.13.0.35.40~20.04.20 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. Summary: The Migration Toolkit for Containers (MTC) 1.7.2 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security Fix(es) from Bugzilla: * nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2038898 - [UI] ?Update Repository? option not getting disabled after adding the Replication Repository details to the MTC web console 2040693 - ?Replication repository? wizard has no validation for name length 2040695 - [MTC UI] ?Add Cluster? wizard stucks when the cluster name length is more than 63 characters 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2048537 - Exposed route host to image registry? connecting successfully to invalid registry ?xyz.com? 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2055658 - [MTC UI] Cancel button on ?Migrations? page does not disappear when migration gets Failed/Succeeded with warnings 2056962 - [MTC UI] UI shows the wrong migration type info after changing the target namespace 2058172 - [MTC UI] Successful Rollback is not showing the green success icon in the ?Last State? field. 2058529 - [MTC UI] Migrations Plan is missing the type for the state migration performed before upgrade 2061335 - [MTC UI] ?Update cluster? button is not getting disabled 2062266 - MTC UI does not display logs properly [OADP-BL] 2062862 - [MTC UI] Clusters page behaving unexpectedly on deleting the remote cluster?s service account secret from backend 2074675 - HPAs of DeploymentConfigs are not being updated when migration from Openshift 3.x to Openshift 4.x 2076593 - Velero pod log missing from UI drop down 2076599 - Velero pod log missing from downloaded logs folder [OADP-BL] 2078459 - [MTC UI] Storageclass conversion plan is adding migstorage reference in migplan 2079252 - [MTC] Rsync options logs not visible in log-reader pod 2082221 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [UI] 2082225 - non-numeric user when launching stage pods [OADP-BL] 2088022 - Default CPU requests on Velero/Restic are too demanding making scheduling fail in certain environments 2088026 - Cloud propagation phase in migration controller is not doing anything due to missing labels on Velero pods 2089126 - [MTC] Migration controller cannot find Velero Pod because of wrong labels 2089411 - [MTC] Log reader pod is missing velero and restic pod logs [OADP-BL] 2089859 - [Crane] DPA CR is missing the required flag - Migration is getting failed at the EnsureCloudSecretPropagated phase due to the missing secret VolumeMounts 2090317 - [MTC] mig-operator failed to create a DPA CR due to null values are passed instead of int [OADP-BL] 2096939 - Fix legacy operator.yml inconsistencies and errors 2100486 - [MTC UI] Target storage class field is not getting respected when clusters don't have replication repo configured

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. Linux Kernel Has an initialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Summary: The Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/): 1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic 5. This update provides security fixes, bug fixes, and updates the container images. Description: Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/ Security updates: * golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565) * nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450) * nanoid: Information disclosure via valueOf() function (CVE-2021-23566) * nodejs-shelljs: improper privilege management (CVE-2022-0144) * search-ui-container: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) * openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778) * imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778) * golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191) * opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190) Related bugs: * RHACM 2.4.3 image files (BZ #2057249) * Observability - dashboard name contains `/` would cause error when generating dashboard cm (BZ #2032128) * ACM application placement fails after renaming the application name (BZ #2033051) * Disable the obs metric collect should not impact the managed cluster upgrade (BZ #2039197) * Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard (BZ #2039820) * The value of name label changed from clusterclaim name to cluster name (BZ #2042223) * VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ #2048500) * clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI (BZ #2053211) * Application cluster status is not updated in UI after restoring (BZ #2053279) * OpenStack cluster creation is using deprecated floating IP config for 4.7+ (BZ #2056610) * The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift (BZ #2059039) * Subscriptions stop reconciling after channel secrets are recreated (BZ #2059954) * Placementrule is not reconciling on a new fresh environment (BZ #2074156) * The cluster claimed from clusterpool cannot auto imported (BZ #2074543) 3. Bugs fixed (https://bugzilla.redhat.com/): 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2032128 - Observability - dashboard name contains `/` would cause error when generating dashboard cm 2033051 - ACM application placement fails after renaming the application name 2039197 - disable the obs metric collect should not impact the managed cluster upgrade 2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard 2042223 - the value of name label changed from clusterclaim name to cluster name 2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2053279 - Application cluster status is not updated in UI after restoring 2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+ 2057249 - RHACM 2.4.3 images 2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift 2059954 - Subscriptions stop reconciling after channel secrets are recreated 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path 2074156 - Placementrule is not reconciling on a new fresh environment 2074543 - The cluster claimed from clusterpool can not auto imported 5. Bug Fix(es): * [Intel 8.3 Bug] ICX Whitley: PCIe - kernel panic with AER-INJECT (BZ#2040309) * [ESXi][RHEL8] A task is stuck waiting for the completion of the vmci_resouce releasing upon the balloon reset. [None8.2.0.z] (BZ#2052200) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2022:0825-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0825 Issue date: 2022-03-10 CVE Names: CVE-2021-0920 CVE-2021-4154 CVE-2022-0330 CVE-2022-0435 CVE-2022-0492 CVE-2022-0516 CVE-2022-0847 CVE-2022-22942 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a later upstream version: kernel (4.18.0). (BZ#2036888) Security Fix(es): * kernel: improper initialization of the "flags" member of the new pipe_buffer (CVE-2022-0847) * kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920) * kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout (CVE-2021-4154) * kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330) * kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS (CVE-2022-0435) * kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492) * kernel: missing check in ioctl allows kernel memory read/write (CVE-2022-0516) * kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Intel QAT Kernel power up fix (BZ#2016437) * RHEL8.4 seeing scsi_dma_map failed with mpt3sas driver and affecting performance (BZ#2018928) * [Lenovo 8.4 bug] audio_HDMI certification failed on RHEL 8.4GA (No hdmi out) (BZ#2027335) * [RHEL-8.5][4.18.0-323.el8.ppc64le][POWER8/9/10] security_flavor mode is not set back to zero post online migration (BZ#2027448) * iommu/amd: Fix unable to handle page fault due to AVIC (BZ#2030854) * [Lenovo 8.4 bug]The VGA display shows no signal (black screen) when install RHEL8.4(beta or rc1) in the legacy BIOS mode. (BZ#2034949) * Double free of kmalloc-64 cache struct ib_port->pkey_group from module ib_core . (BZ#2038724) * Bus error with huge pages enabled (BZ#2039015) * RHEL8 - kvm: floating interrupts may get stuck (BZ#2040769) * Data corruption on small files served by httpd, which is backed by cifs-mount (BZ#2041529) * Add a net/mlx5 patch for Hardware Offload Fix (BZ#2042663) * Windows guest random Bsod when 'hv-tlbflush' enlightenment is enabled (BZ#2043237) * DNS lookup failures when run two times in a row (BZ#2043548) * net/sched: Fix ct zone matching for invalid conntrack state (BZ#2043550) * Kernel 4.18.0-348.2.1 secpath_cache memory leak involving strongswan tunnel (BZ#2047427) * OCP node XFS metadata corruption after numerous reboots (BZ#2049292) * Broadcom bnxt_re: RDMA stats are not incrementing (BZ#2049684) * ice: bug fix series for 8.6 (BZ#2051951) * panic while looking up a symlink due to NULL i_op->get_link (BZ#2052558) * ceph omnibus backport for RHEL-8.6.0 (BZ#2053725) * SCTP peel-off with SELinux and containers in OCP (BZ#2054112) * Selinux is not allowing SCTP connection setup between inter pod communication in enforcing mode (BZ#2054117) * dnf fails with fsync() over local repository present on CIFS mount point (BZ#2055824) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2031930 - CVE-2021-0920 kernel: Use After Free in unix_gc() which could result in a local privilege escalation 2034514 - CVE-2021-4154 kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout 2042404 - CVE-2022-0330 kernel: possible privileges escalation due to missing TLB flush 2044809 - CVE-2022-22942 kernel: failing usercopy allows for use-after-free exploitation 2048738 - CVE-2022-0435 kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS 2050237 - CVE-2022-0516 kernel: missing check in ioctl allows kernel memory read/write 2051505 - CVE-2022-0492 kernel: cgroups v1 release_agent feature may allow privilege escalation 2060795 - CVE-2022-0847 kernel: improper initialization of the "flags" member of the new pipe_buffer 6. Package List: Red Hat Enterprise Linux BaseOS (v. 8): Source: kernel-4.18.0-348.20.1.el8_5.src.rpm aarch64: bpftool-4.18.0-348.20.1.el8_5.aarch64.rpm bpftool-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-core-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-cross-headers-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debug-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debug-core-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debug-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debug-devel-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debug-modules-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debug-modules-extra-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-devel-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-headers-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-modules-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-modules-extra-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-tools-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-tools-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-tools-libs-4.18.0-348.20.1.el8_5.aarch64.rpm perf-4.18.0-348.20.1.el8_5.aarch64.rpm perf-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm python3-perf-4.18.0-348.20.1.el8_5.aarch64.rpm python3-perf-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm noarch: kernel-abi-stablelists-4.18.0-348.20.1.el8_5.noarch.rpm kernel-doc-4.18.0-348.20.1.el8_5.noarch.rpm ppc64le: bpftool-4.18.0-348.20.1.el8_5.ppc64le.rpm bpftool-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-core-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-cross-headers-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debug-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debug-core-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debug-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debug-devel-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debug-modules-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debug-modules-extra-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-devel-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-headers-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-modules-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-modules-extra-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-tools-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-tools-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-tools-libs-4.18.0-348.20.1.el8_5.ppc64le.rpm perf-4.18.0-348.20.1.el8_5.ppc64le.rpm perf-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm python3-perf-4.18.0-348.20.1.el8_5.ppc64le.rpm python3-perf-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm s390x: bpftool-4.18.0-348.20.1.el8_5.s390x.rpm bpftool-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm kernel-4.18.0-348.20.1.el8_5.s390x.rpm kernel-core-4.18.0-348.20.1.el8_5.s390x.rpm kernel-cross-headers-4.18.0-348.20.1.el8_5.s390x.rpm kernel-debug-4.18.0-348.20.1.el8_5.s390x.rpm kernel-debug-core-4.18.0-348.20.1.el8_5.s390x.rpm kernel-debug-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm kernel-debug-devel-4.18.0-348.20.1.el8_5.s390x.rpm kernel-debug-modules-4.18.0-348.20.1.el8_5.s390x.rpm kernel-debug-modules-extra-4.18.0-348.20.1.el8_5.s390x.rpm kernel-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-348.20.1.el8_5.s390x.rpm kernel-devel-4.18.0-348.20.1.el8_5.s390x.rpm kernel-headers-4.18.0-348.20.1.el8_5.s390x.rpm kernel-modules-4.18.0-348.20.1.el8_5.s390x.rpm kernel-modules-extra-4.18.0-348.20.1.el8_5.s390x.rpm kernel-tools-4.18.0-348.20.1.el8_5.s390x.rpm kernel-tools-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm kernel-zfcpdump-4.18.0-348.20.1.el8_5.s390x.rpm kernel-zfcpdump-core-4.18.0-348.20.1.el8_5.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm kernel-zfcpdump-devel-4.18.0-348.20.1.el8_5.s390x.rpm kernel-zfcpdump-modules-4.18.0-348.20.1.el8_5.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-348.20.1.el8_5.s390x.rpm perf-4.18.0-348.20.1.el8_5.s390x.rpm perf-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm python3-perf-4.18.0-348.20.1.el8_5.s390x.rpm python3-perf-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm x86_64: bpftool-4.18.0-348.20.1.el8_5.x86_64.rpm bpftool-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-core-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-cross-headers-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debug-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debug-core-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debug-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debug-devel-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debug-modules-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debug-modules-extra-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-devel-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-headers-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-modules-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-modules-extra-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-tools-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-tools-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-tools-libs-4.18.0-348.20.1.el8_5.x86_64.rpm perf-4.18.0-348.20.1.el8_5.x86_64.rpm perf-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm python3-perf-4.18.0-348.20.1.el8_5.x86_64.rpm python3-perf-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: bpftool-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debug-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-tools-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-tools-libs-devel-4.18.0-348.20.1.el8_5.aarch64.rpm perf-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm python3-perf-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debug-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-tools-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-tools-libs-devel-4.18.0-348.20.1.el8_5.ppc64le.rpm perf-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm python3-perf-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debug-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-tools-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-tools-libs-devel-4.18.0-348.20.1.el8_5.x86_64.rpm perf-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm python3-perf-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-0920 https://access.redhat.com/security/cve/CVE-2021-4154 https://access.redhat.com/security/cve/CVE-2022-0330 https://access.redhat.com/security/cve/CVE-2022-0435 https://access.redhat.com/security/cve/CVE-2022-0492 https://access.redhat.com/security/cve/CVE-2022-0516 https://access.redhat.com/security/cve/CVE-2022-0847 https://access.redhat.com/security/cve/CVE-2022-22942 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2022-002 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYippdNzjgjWX9erEAQjVrg//WBuZgEcpFf/4YBR6yXjJpyzeNdP/33wU b+G6E6fGXrwoJkMNfLMMr+PmoK5QxZvX3GAqJFApn9SHXtk5M7IM68TCnTXZsXVF M0V2ktlHJwOABXBJEXHFjnq9QllGzRkV+xJPOLKJwRB2fKtNAgOiLTJ7MrJZJtNu WIt5IsPclPoTKrSChCL/b535XKh3hAUqD1eymuk05SqWv3mo2joLQbZpHbM0fQW3 pnvDPnE+HDM8lW8dPJTiw1K3nBRrwmuvyKxNpnGYoRN/8USNJrIGJP5gGjrI1/b8 IrV/OGeA2lk6lu48JmkAjrE/FZ+VeGn51fngrYYk6nfj8Ln8nklZjdLWQ8o+ImGD /CbWFlY3qw1Ml90mjyFyXhUWnz6rhquJvIZo2w3CeCR6/in4qN195aikaLmMAzZm 5ar+9AkUGd2YsSAzeYn+FuGKEVucYZZCYc0wntVYwAMDTL3WPSIx+0m4TO+7pEvi 9ZqnZ0Rn7iaAx6nEc1TQynzGbWBQr13k6h/2xhPhURDYnkULuxjJlWtIo8r+SdEH N8g66V55B16BkLXPRYg/DikuiF9+d2neszj8ZWvBKTnU2iSVaGCii7MQ5EdjkCdi 0xk52SLKdk2I+Q2fLa+DJh5RW3fnP1NULPuW7350UBgbCUX2QdHsLMK+UnYkkmyV /Hdqi2gHENg= =duKX -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce